Cybersecurity Preparedness, Equifax, and Ben Franklin
The prudent advice Benjamin Franklin shared with the world is just as valuable today as it was nearly 200 years ago. It is valuable to individuals and corporations, in all aspects of life, across many cultures and industries. Ben never saw a computer; however, his advice is highly applicable to today’s cybersecurity preparedness challenges.
“Diligence is the mother of good luck.”
Beginning in September, multiple Equifax security breaches have been in the media. Breaches of highly sensitive data have a wide-ranging impact on our lives. The Equifax security breaches were preventable. The vulnerabilities were known months before the hackers stole the information, and patches were available but were not installed.
In a letter to the Wall Street Journal, Equifax Interim CEO Paulino do Rego Barros Jr. admitted, “We were hacked. That’s the simple fact.” Equifax wasn’t diligent with software patching and faced some serious consequences because of it.
“An ounce of prevention is worth a pound of cure.”
Imagine the time, effort, and reputation that could have been saved if security warnings weren’t ignored and patches were installed when they were announced. As a result of complacency, over 145 million people were affected. Hackers stole personal data including Social Security numbers, credit card numbers, driver’s license numbers, birthdays, and addresses.
Equifax isn’t the only entity that has been hacked in recent times with serious consequences. Unfortunately, it’s a high-profile example of what is happening globally.
It will take years, if it is even possible, to repair the shattered trust and recover from the data and financial losses caused by these breaches.
“By failing to prepare, you are preparing to fail.”
Avoid cybersecurity failure by preparing to be secure. Spend a little time and effort preventing hacks. Be diligent with installing patches. How?
Four basic steps need to be taken as part of any patch management program:
- Inventory. Inventory assets (devices, computers, equipment, tablets, smart phones, etc.). This includes any asset that has software or firmware, any kind of intelligence or any connectivity to the outside world. Don’t overlook the less obvious ones like USB drives, smart TVs, game controllers, etc. Any device that can reach sensitive data should be included.
- Baseline. Get a list of the software or firmware on each of those assets. Know what ports are supposed to be open. Know what user accounts are on the devices.
- Monitor. Proactively track all updates, news, security alerts, and patches related to the assets and their software.
- Install. Follow through with timely installation of security patches. If a patch can’t be installed for some reason, take other measures to mitigate any residual risks.
There are many ways these four steps can be achieved, ranging from manual review and processing of data using paper or spreadsheets to fully automated patch management systems.
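Somewhere between the spreadsheet and the fully automated system sits a short script. The following is an added example, not part of the original article: it compares a baseline against monitored advisories and reports which assets still need a patch, which are overdue, and which are covered by a documented mitigation. All asset names, software names, versions, advisory IDs, dates and the 30-day window are constructed assumptions.

```python
from datetime import date

# All data below is constructed for illustration.
# Steps 1-2 (inventory + baseline): each asset and the versions installed on it.
BASELINE = {
    "web-01":   {"exampleframework": "2.3.1", "exampledb": "9.6.2"},
    "kiosk-07": {"exampleframework": "2.3.5"},
    "tv-lobby": {"examplesmartos": "1.0.0"},
}
# Step 3 (monitor): advisories collected from vendor feeds, with the first fixed version.
ADVISORIES = [
    {"id": "ADV-0001", "software": "exampleframework", "fixed_in": "2.3.5", "published": date(2017, 3, 1)},
    {"id": "ADV-0002", "software": "examplesmartos", "fixed_in": "1.2.0", "published": date(2017, 5, 10)},
    {"id": "ADV-0003", "software": "exampledb", "fixed_in": "9.6.2", "published": date(2017, 5, 20)},
]
# Step 4 fallback: patches that cannot be installed, with the compensating control in place.
MITIGATIONS = {("tv-lobby", "ADV-0002"): "moved to isolated guest VLAN"}


def parse_version(text):
    """Turn '2.3.10' into (2, 3, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def outstanding_patches(baseline, advisories, mitigations, today, max_age_days=30):
    """Return one finding per asset that still runs a version older than the fix."""
    findings = []
    for asset, software in sorted(baseline.items()):
        for adv in advisories:
            installed = software.get(adv["software"])
            if installed is None or parse_version(installed) >= parse_version(adv["fixed_in"]):
                continue  # not installed on this asset, or already patched
            days_open = (today - adv["published"]).days
            if (asset, adv["id"]) in mitigations:
                status = "mitigated"
            elif days_open > max_age_days:
                status = "overdue"
            else:
                status = "pending"
            findings.append({"asset": asset, "advisory": adv["id"], "installed": installed,
                             "fixed_in": adv["fixed_in"], "days_open": days_open, "status": status})
    return findings


if __name__ == "__main__":
    for f in outstanding_patches(BASELINE, ADVISORIES, MITIGATIONS, today=date(2017, 6, 1)):
        print("{asset:9} {advisory} {installed} -> {fixed_in}  open {days_open}d  {status}".format(**f))
```

Run on a schedule against a real baseline export, the "overdue" rows become the work queue for step four, and the "mitigated" rows are the exceptions to re-review.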
“Distrust & caution are the parents of security.”
Timely patching of software is not the only thing needed to stay safe; secure passwords, physical and electronic access management, virus protection and common sense play a role in being cyber-secure.
Anticipate expanded cybersecurity requirements in your own firm, especially if your industry is heavily regulated. Hacks aren’t limited to financial services companies.
Conclusion: “Never leave that till tomorrow which you can do today.”
Get up to date on your patches today! Start strategically assessing your discipline for tracking your assets and applying patches. Put measures in place to inventory and baseline assets, to regularly monitor for updates and then install them. The reality is that if good patch management practices are followed, most hacks can be averted.
What would Ben Franklin have to say about the Equifax breach? No doubt he would have some cleverly-worded advice about diligence for making the world a more cyber-secure place.